From bab8e0b7b7a772f0c1af49606ebce5457ef76faf Mon Sep 17 00:00:00 2001
From: Marie Ramlow
Date: Wed, 25 Dec 2024 15:42:23 +0100
Subject: [PATCH] marie-nas: init
---
hosts/marie-nas/configuration.nix | 19 ++++
hosts/marie-nas/disko.nix | 138 ++++++++++++++++++++++++++++++
hosts/marie-nas/networking.nix | 29 +++++++
hosts/marie-nas/state.nix | 32 +++++++
hosts/marie-nas/zfs.nix | 8 ++
5 files changed, 226 insertions(+)
create mode 100644 hosts/marie-nas/configuration.nix
create mode 100644 hosts/marie-nas/disko.nix
create mode 100644 hosts/marie-nas/networking.nix
create mode 100644 hosts/marie-nas/state.nix
create mode 100644 hosts/marie-nas/zfs.nix
diff --git a/hosts/marie-nas/configuration.nix b/hosts/marie-nas/configuration.nix
new file mode 100644
index 00000000..7eb56ece
--- /dev/null
+++ b/hosts/marie-nas/configuration.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./disko.nix
+ ./networking.nix
+ ./state.nix
+ ./zfs.nix
+ ];
+ boot = {
+ loader = {
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
+ efi.canTouchEfiVariables = true;
+ };
+ kernelPackages = pkgs.linuxPackages_6_12;
+ };
+}
diff --git a/hosts/marie-nas/disko.nix b/hosts/marie-nas/disko.nix
new file mode 100644
index 00000000..cb1ebe60
--- /dev/null
+++ b/hosts/marie-nas/disko.nix
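Review bot: The kernel pin `kernelPackages = pkgs.linuxPackages_6_12;` carries no comment saying why this series was chosen, and a fixed `linuxPackages_X_Y` attribute will stop evaluating once nixpkgs drops that series. If the pin exists so the in-tree ZFS module keeps building, record it where the next maintainer will see it, e.g. `# pinned to an LTS series supported by the zfs module; re-check before bumping`. The systemd-boot editor is left at its default (enabled) in this hunk; the NixOS option docs recommend `boot.loader.systemd-boot.editor = false;` because the boot menu otherwise lets anyone at the console edit the kernel command line, which on this host would sit in front of the LUKS/ZFS root set up in disko.nix.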
@@ -0,0 +1,138 @@
+{
+ disko.devices = {
+ disk = {
+ root = {
+ type = "disk";
+ # device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_500GB_S466NB0K428706Z";
+ device = "/dev/disk/by-id/"; # TODO: change device
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ swap = {
+ size = "16G";
+ content = {
+ type = "swap";
+ randomEncryption = true;
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "root";
+ settings = {
+ allowDiscards = true;
+ keyFile = "/mnt/encryption-keys/root.key";
+ };
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ };
+ };
+ };
+ };
+ };
+ wd-red-plus-a = {
+ type = "disk";
+ device = "/dev/disk/by-id/"; # TODO: add disk
+ content = {
+ type = "luks";
+ name = "wd-red-plus-a";
+ settings = {
+ allowDiscards = true;
+ keyFile = "/mnt/encryption-keys/wd-red-plus-a.key";
+ };
+ content = {
+ type = "zfs";
+ pool = "tank";
+ };
+ };
+ };
+ wd-red-plus-b = {
+ type = "disk";
+ device = "/dev/disk/by-id/"; # TODO: add disk
+ content = {
+ type = "luks";
+ name = "wd-red-plus-b";
+ settings = {
+ allowDiscards = true;
+ keyFile = "/mnt/encryption-keys/wd-red-plus-b.key";
+ };
+ content = {
+ type = "zfs";
+ pool = "tank";
+ };
+ };
+ };
+ };
+ zpool =
+ let
+ options = {
+ acltype = "posixacl";
+ compression = "zstd";
+ mountpoint = "none";
+ xattr = "sa";
+ dnodesize = "auto";
+ atime = "off";
+ };
+ in
+ {
+ zroot = {
+ type = "zpool";
+ rootFsOptions = options;
+ options.ashift = "12";
+ postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/local/root@blank$' || zfs snapshot zroot/local/root@blank";
+
+ datasets = {
+ "local/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ };
+ "local/root" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ };
+ "data/state" = {
+ type = "zfs_fs";
+ mountpoint = "/state";
+ };
+ };
+ };
+ tank = {
+ type = "zpool";
+ mode = "mirror";
+ rootFsOptions = options;
+ options.ashift = "12";
+
+ datasets = {
+ "data/shares" = {
+ type = "zfs_fs";
+ mountpoint = "/srv/shares";
+ };
+ "data/shares/media" = {
+ type = "zfs_fs";
+ mountpoint = "/srv/shares/media";
+ options = {
+ recordsize = "1M";
+ };
+ };
+ "data/shares/marie" = {
+ type = "zfs_fs";
+ mountpoint = "/srv/shares/marie";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/marie-nas/networking.nix b/hosts/marie-nas/networking.nix
new file mode 100644
index 00000000..5defa7b0
--- /dev/null
+++ b/hosts/marie-nas/networking.nix
@@ -0,0 +1,29 @@
+{ ... }:
+{
+ networking = {
+ hostName = "marie-nas";
+ useDHCP = false;
+ nftables.enable = true;
+ };
+ systemd.network = {
+ enable = true;
+ networks = {
+ ethernet = {
+ matchConfig = {
+ Type = [ "ether" ];
+ Kind = [ "!veth" ];
+ };
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = true;
+ KeepConfiguration = "yes";
+ };
+ };
+ };
+ };
+
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "both";
+ };
+}
diff --git a/hosts/marie-nas/state.nix b/hosts/marie-nas/state.nix
new file mode 100644
index 00000000..b77f4ca0
--- /dev/null
+++ b/hosts/marie-nas/state.nix
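Review bot: `allowDiscards = true;` is set on all three LUKS containers, including the two WD Red Plus members of `tank`; on spinning disks there is nothing to TRIM, so the setting buys nothing while letting the unused-sector layout of the container show through the encryption layer — delete that line from the `settings` blocks of `wd-red-plus-a` and `wd-red-plus-b` and keep it only on the NVMe root if the SSD wear trade-off is wanted there. Every `device = "/dev/disk/by-id/";` is still a TODO placeholder that names a directory, not a disk, so this module cannot be applied as committed; either the commit should say it is a draft or the TODOs should be resolved before merge. The `settings.keyFile` paths under `/mnt/encryption-keys/` are, as far as disko's option docs describe, forwarded to `boot.initrd.luks.devices.<name>`, so stage 1 needs that path available (or `fallbackToPassword`) before it can unlock any of the three volumes — nothing in this commit provides that mount, so it presumably lives elsewhere and deserves a pointer comment next to the first `keyFile`. The `postCreateHook` takes a `zroot/local/root@blank` snapshot, which only pays off if something rolls back to it at boot; no rollback appears in this commit, so either it lives outside the diff or the hook should be documented as the hook for a future one.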
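Review bot: `useRoutingFeatures = "both";` enables the IPv4/IPv6 forwarding sysctls on top of what `"client"` already does (loose reverse-path filtering), turning a host whose only stated role is a NAS into a router for the tailnet. Unless marie-nas is meant to advertise subnet routes or act as an exit node, `useRoutingFeatures = "client";` keeps the ability to use other nodes' routes without that exposure. If `"both"` is intentional, a one-line comment naming the routes it advertises would stop the next reader from tightening it.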
@@ -0,0 +1,32 @@
+{ ... }:
+{
+ users.mutableUsers = false;
+ preservation = {
+ enable = true;
+ preserveAt."/state" = {
+ directories = [
+ "/etc/NIXOS"
+ { directory = "/home/marie"; user = "marie"; group = "users"; }
+ "/var/db/sudo"
+ { directory = "/var/lib/nixos"; inInitrd = true; }
+ "/var/lib/systemd"
+ "/var/lib/tailscale"
+ "/var/log"
+ ];
+ files = [
+ { file = "/etc/machine-id"; inInitrd = true; how = "symlink"; configureParent = true; }
+ { file = "/etc/ssh/ssh_host_ed25519_key"; mode = "0700"; inInitrd = true; }
+ { file = "/etc/ssh/ssh_host_ed25519_key.pub"; inInitrd = true; }
+ { file = "/etc/ssh/ssh_host_rsa_key"; mode = "0700"; inInitrd = true; }
+ { file = "/etc/ssh/ssh_host_rsa_key.pub"; inInitrd = true; }
+ ];
+ };
+ };
+
+ systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ];
+
+ systemd.services.systemd-machine-id-commit = {
+ unitConfig.ConditionPathIsMountPoint = [ "" "/state/etc/machine-id" ];
+ serviceConfig.ExecStart = [ "" "systemd-machine-id-setup --commit --root /state" ];
+ };
+}
diff --git a/hosts/marie-nas/zfs.nix b/hosts/marie-nas/zfs.nix
new file mode 100644
index 00000000..a9ba216d
--- /dev/null
+++ b/hosts/marie-nas/zfs.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ networking.hostId = "450afd45";
+ boot = {
+ supportedFilesystems.zfs = true;
+ zfs.forceImportRoot = false;
+ };
+}
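Review bot: The two persisted SSH host private keys use `mode = "0700"` (`/etc/ssh/ssh_host_ed25519_key` and `/etc/ssh/ssh_host_rsa_key`); a regular key file should not carry the executable bit, and `0600` is the mode sshd and the NixOS openssh module generate for host keys — change both entries to `mode = "0600";`. The rest of the persisted set (`/var/lib/tailscale`, `/var/lib/nixos`, `/var/db/sudo`, machine-id) reads as the minimum a rebooting impermanent host needs, which is good; a short header comment such as `# persisted because the root dataset is reset to its blank snapshot` would make the intent clear to a reader who has not seen disko.nix, since nothing in this file says why `/state` exists. `users.mutableUsers = false;` means the `marie` account needs a declared password hash or keys; none is in this commit, so it presumably lives in a shared module — worth confirming before the first deploy.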